[FFmpeg-trac] #6689(website:new): patchwork.ffmpeg.org uses untrusted StartCom HTTPS/SSL/TLS certificate
FFmpeg
trac at avcodec.org
Mon Sep 25 04:44:20 EEST 2017
#6689: patchwork.ffmpeg.org uses untrusted StartCom HTTPS/SSL/TLS certificate
---------------------------------------+---------------------------------
Reporter: kmark | Owner:
Type: defect | Status: new
Priority: normal | Component: website
Version: unspecified | Keywords:
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
---------------------------------------+---------------------------------
https://patchwork.ffmpeg.org produces a `NET::ERR_CERT_REVOKED` error on
Chrome 63 (back to 61, I believe) due to Google blacklisting !StartCom
certificates. I remember this issue was discussed over IRC this past
summer and the main website and git have moved to Let's Encrypt. Patchwork
remains on !StartCom. I'm not sure to what degree the Patchwork instance
is in use but I figured I'd create this ticket to track the issue.
References:
* https://www.ssllabs.com/ssltest/analyze.html?d=patchwork.ffmpeg.org
* https://blog.qualys.com/ssllabs/2017/04/05/ssl-labs-distrusts-wosign-
and-startcom-certificates
* https://security.googleblog.com/2016/10/distrusting-wosign-and-
startcom.html
* https://security.googleblog.com/2017/07/final-removal-of-trust-in-
wosign-and.html
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6689>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list